Abstract
Recently, Large Language Model (LLM)-empowered recommender systems (RecSys) have brought significant advances in personalized user experience and have attracted considerable attention. Despite the impressive progress, the research question regarding the safety vulnerability of LLM-empowered RecSys still remains largely under-investigated. Given the security and privacy concerns, it is more practical to focus on attacking the black-box RecSys, where attackers can only observe the system's inputs and outputs. However, traditional attack approaches employing reinforcement learning (RL) agents are not effective for attacking LLM-empowered RecSys due to the limited capabilities in processing complex textual inputs, planning, and reasoning. On the other hand, LLMs provide unprecedented opportunities to serve as attack agents to attack RecSys because of their impressive capability in simulating human-like decision-making processes. Therefore, in this paper, we propose a novel attack framework called CheatAgent by harnessing the human-like capabilities of LLMs, where an LLM-based agent is developed to attack LLM-Empowered RecSys. Specifically, our method first identifies the insertion position for maximum impact with minimal input modification. After that, the LLM agent is designed to generate adversarial perturbations to insert at target positions. To further improve the quality of generated perturbations, we utilize the prompt tuning technique to improve attacking strategies via feedback from the victim RecSys iteratively. Extensive experiments across three real-world datasets demonstrate the effectiveness of our proposed attacking method.